comparison templates/classic/schema.py @ 2649:1df7d4a41da4
Buncha stuff (sorry about the large checkin):
- Permissions may now be defined on a per-property basis
- added "Create" Permission. Replaces the "Web"- and "Email Registration"
Permissions.
- added option to turn off registration confirmation via email
("instant_registration" in config)
Migrated the user edit/view permission to use check code.
Fixed a buncha stuff in the default templates. Needs a thorough review
though.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 28 Jul 2004 02:29:46 +0000 |
| parents | 18e86941c950 |
| children | 09e0d37abada |
| 2648:fe71e108d998 | 2649:1df7d4a41da4 |
|---|---|
| 78 # | 78 # |
| 79 # TRACKER SECURITY SETTINGS | 79 # TRACKER SECURITY SETTINGS |
| 80 # | 80 # |
| 81 # See the configuration and customisation document for information | 81 # See the configuration and customisation document for information |
| 82 # about security setup. | 82 # about security setup. |
| 83 | |
| 84 # | |
| 85 # REGULAR USERS | |
| 86 # | |
| 87 # Give the regular users access to the web and email interface | |
| 88 p = db.security.getPermission('Web Access') | |
| 89 db.security.addPermissionToRole('User', p) | |
| 90 p = db.security.getPermission('Email Access') | |
| 91 db.security.addPermissionToRole('User', p) | |
| 92 | |
| 83 # Assign the access and edit Permissions for issue, file and message | 93 # Assign the access and edit Permissions for issue, file and message |
| 84 # to regular users now | 94 # to regular users now |
| 85 for cl in 'issue', 'file', 'msg', 'query', 'keyword': | 95 for cl in 'issue', 'file', 'msg', 'query', 'keyword': |
| 86 p = db.security.getPermission('View', cl) | 96 p = db.security.getPermission('View', cl) |
| 87 db.security.addPermissionToRole('User', p) | 97 db.security.addPermissionToRole('User', p) |
| 88 p = db.security.getPermission('Edit', cl) | 98 p = db.security.getPermission('Edit', cl) |
| 89 db.security.addPermissionToRole('User', p) | 99 db.security.addPermissionToRole('User', p) |
| 100 p = db.security.getPermission('Create', cl) | |
| 101 db.security.addPermissionToRole('User', p) | |
| 90 for cl in 'priority', 'status': | 102 for cl in 'priority', 'status': |
| 91 p = db.security.getPermission('View', cl) | 103 p = db.security.getPermission('View', cl) |
| 92 db.security.addPermissionToRole('User', p) | 104 db.security.addPermissionToRole('User', p) |
| 93 | |
| 94 # and give the regular users access to the web and email interface | |
| 95 p = db.security.getPermission('Web Access') | |
| 96 db.security.addPermissionToRole('User', p) | |
| 97 p = db.security.getPermission('Email Access') | |
| 98 db.security.addPermissionToRole('User', p) | |
| 99 | 105 |
| 100 # May users view other user information? Comment these lines out | 106 # May users view other user information? Comment these lines out |
| 101 # if you don't want them to | 107 # if you don't want them to |
| 102 p = db.security.getPermission('View', 'user') | 108 p = db.security.getPermission('View', 'user') |
| 103 db.security.addPermissionToRole('User', p) | 109 db.security.addPermissionToRole('User', p) |
| 104 | 110 |
| 111 # Users should be able to edit their own details. Note that this | |
| 112 # permission is limited to only the situation where the Viewed or | |
| 113 # Edited item is their own. | |
| 114 def own_record(db, userid, itemid): | |
| 115 '''Determine whether the userid matches the item being accessed.''' | |
| 116 return userid == itemid | |
| 117 p = db.security.addPermission(name='View', klass='user', check=own_record, | |
| 118 description="User is allowed to view their own user details") | |
| 119 p = db.security.addPermission(name='Edit', klass='user', check=own_record, | |
| 120 description="User is allowed to edit their own user details") | |
| 121 db.security.addPermissionToRole('User', p) | |
| 122 | |
| 123 # | |
| 124 # ANONYMOUS USER PERMISSIONS | |
| 125 # | |
| 126 # Let anonymous users access the web interface. Note that almost all | |
| 127 # trackers will need this Permission. The only situation where it's not | |
| 128 # required is in a tracker that uses an HTTP Basic Authenticated front-end. | |
| 129 p = db.security.getPermission('Web Access') | |
| 130 db.security.addPermissionToRole('Anonymous', p) | |
| 131 | |
| 132 # Let anonymous users access the email interface (note that this implies | |
| 133 # that they will be registered automatically, hence they will need the | |
| 134 # "Create" user Prmission below) | |
| 135 p = db.security.getPermission('Email Access') | |
| 136 db.security.addPermissionToRole('Anonymous', p) | |
| 137 | |
| 105 # Assign the appropriate permissions to the anonymous user's Anonymous | 138 # Assign the appropriate permissions to the anonymous user's Anonymous |
| 106 # Role. Choices here are: | 139 # Role. Choices here are: |
| 107 # - Allow anonymous users to register through the web | 140 # - Allow anonymous users to register |
| 108 p = db.security.getPermission('Web Registration') | 141 p = db.security.getPermission('Create', 'user') |
| 109 db.security.addPermissionToRole('Anonymous', p) | 142 db.security.addPermissionToRole('Anonymous', p) |
| 110 # - Allow anonymous (new) users to register through the email gateway | 143 |
| 111 p = db.security.getPermission('Email Registration') | 144 # Allow anonymous users access to view issues (and the related, linked |
| 112 db.security.addPermissionToRole('Anonymous', p) | 145 # information) |
| 113 # - Allow anonymous users access to view issues (which implies being | |
| 114 # able to view all linked information too | |
| 115 for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status': | 146 for cl in 'issue', 'file', 'msg', 'keyword', 'priority', 'status': |
| 116 p = db.security.getPermission('View', cl) | 147 p = db.security.getPermission('View', cl) |
| 117 db.security.addPermissionToRole('Anonymous', p) | 148 db.security.addPermissionToRole('Anonymous', p) |
| 118 # - Allow anonymous users access to edit the "issue" class of data | |
| 119 # Note: this also grants access to create related information like | |
| 120 # files and messages etc that are linked to issues | |
| 121 #p = db.security.getPermission('Edit', 'issue') | |
| 122 #db.security.addPermissionToRole('Anonymous', p) | |
| 123 | 149 |
| 124 # oh, g'wan, let anonymous access the web interface too | 150 # [OPTIONAL] |
| 125 p = db.security.getPermission('Web Access') | 151 # Allow anonymous users access to create or edit "issue" items (and the |
| 126 db.security.addPermissionToRole('Anonymous', p) | 152 # related file and message items) |
| 153 #for cl in 'issue', 'file', 'msg': | |
| 154 # p = db.security.getPermission('Create', cl) | |
| 155 # db.security.addPermissionToRole('Anonymous', p) | |
| 156 # p = db.security.getPermission('Edit', cl) | |
| 157 # db.security.addPermissionToRole('Anonymous', p) | |
| 127 | 158 |
| 128 | 159 |
| 129 # vim: set filetype=python sts=4 sw=4 et si | 160 # vim: set filetype=python sts=4 sw=4 et si |
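Review bot: The `View` permission on `user` created with `check=own_record` (new lines 117-118) is never attached to a role, because `p` is rebound to the `Edit` permission on line 119 and the single `db.security.addPermissionToRole('User', p)` on line 121 grants only `Edit`. This is masked for now by the unconditional `View` on `user` granted at new lines 108-109. A deployer who comments those lines out, as the comment above them invites, would leave users able to edit their own record but not view it. Add a second `db.security.addPermissionToRole('User', p)` immediately after the `View` `addPermission` call, before `p` is reassigned. Separately, the default now gives Anonymous both `Email Access` and `Create` on `user`, so the comment at new lines 132-134 could state that trackers which do not want open self-registration should remove the `Create` grant.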
